66 Commits (ca1d595b07799403578f41a997cebe3bd01f535b)

Author SHA1 Message Date
  Lorenzo Villani 5d1090d488 Make sure fail2ban is started 10 years ago
  Lorenzo Villani d5ecf673d3 Calm OCD by sorting almost every with_items block in alphabetical order 10 years ago
  Lorenzo Villani e7703d0d9c Add support for Apache 2.4 on Ubuntu 14.04 10 years ago
  Lorenzo Villani e2e61a2f76 Install 'fuse' instead of 'fuse-utils' 10 years ago
  Sven Neuhaus 63ba754eb7 libpam-google-authenticator uses distribution package on Ubuntu 14.04 10 years ago
  Gelnior 7995bac36c put back enc.fs (removed by mistake) 10 years ago
  Gelnior bd57edd5a5 newebe config: fix Newebe config file task 10 years ago
  Justin Plock 1d7986fd96 Enable UFW and deny everything by default 10 years ago
  Justin Plock ea0b288818
Moved ufw firewall rules into individual roles 10 years ago
  Justin Plock ed75c9469b
libpam-dev didn't exist for some people so switching to libpam0g-dev instead 10 years ago
  Justin Plock e88fb57cba
Skip the google authenticator generation if we're running as vagrant. Vagrant can't sudo to the sovereign test user so this won't work. 10 years ago
  Justin Plock 2d751ab680
The .google_authenticator file has to be generated by the user that is going to attempt to use it. Also, -W doesn't seem to work (results an in INVALID_WINDOW error in /var/log/auth.log), so use -w 1 to allow for a single concurrent token 10 years ago
  Justin Plock c037dce07a
Clarified parameters are bit in a comment 10 years ago
  Justin Plock 22a8717f6d
Automatically generate the Google authenticator file for the default user 10 years ago
  Justin Plock 84c9febec7
Added Google Authenticator 2FA logins 10 years ago
  Justin Plock 89f018bd23
In preparation for using any 2FA solution, it will most likely need to modify sshd_config, so let's change the file in place instead of overwriting it completely. 10 years ago
  Justin Plock 9f918363b9
Set a ServerName for apache (fixes #187) 10 years ago
  Benjamin Reitzammer d957760697 Making main user's shell configurable 10 years ago
  Justin Plock 3b0308d69e Allow both TCP and UDP port 53 for DNS lookups through OpenVPN 11 years ago
  Joost Baaij ae2e74bb79 make NTP pool configurable 11 years ago
  Joost Baaij 4837d2e87a extract NTP logic 11 years ago
  Joost Baaij 715399a2f1 added pop3s and imaps ports to fail2ban. 11 years ago
  Joost Baaij 2033c37982 Enabled unattended-upgrades 11 years ago
  Joost Baaij 335cef5c9f Enabled POP3S for old-timeys who dig that 11 years ago
  Joshua Lund 4ed07a1e0a * Made the OpenVPN port and protocol (tcp/udp) configurable 11 years ago
  Mark Paschal 10aff54015 Only ban in response to fail2ban results 11 years ago
  Luke Cyca 4bc4cebf41 Explicit permissions for all cert files 11 years ago
  Luke Cyca 76d52b63f3 XMPP cert handling improvements, ufw rules, and tests 11 years ago
  Alex Payne f7f7157cec more updated variable formatting and accommodation of the YAML parser being a fussbudget 11 years ago
  Alex Payne 34d7595c0b ensure we can install from third-party repos across playbooks 11 years ago
  Alex Payne d28f0f82b9 move to non-deprecated template variable formatting 11 years ago
  Luke Cyca e46ad018ba Improved test suite, rewritten in python 11 years ago
  Luke Cyca 2f145ce543 Two small apache-related fixes 11 years ago
  Luke Cyca 08d6827755 New vagrant-based development environment 11 years ago
  Luke Cyca b1a3b8b67d Use discovered IPv4 address 11 years ago
  Luke Cyca 37a0400c22 Standardize apache’s 301 redirect to https, and enable HSTS 11 years ago
  Luke Cyca bdab1cd6b1 Reworked ufw logic to not use change_when keyword 11 years ago
  Allen Riddell 5b8ba840a4 workaround ufw bug, call ufw enable twice 11 years ago
  Allen Riddell ae0d1ca8f4 Ignore ufw error resulting from known bug on Debian 7 11 years ago
  Luke Cyca 7043143f90 Improved idempotency and removed ip detection for checkrbl 11 years ago
  Allen Riddell 88705bb7fa Replace ferm with ufw 11 years ago
  Bertrand Cachet f43c57e132 fix(apticron): apticron emails are sent to root 11 years ago
  Bertrand Cachet 373cb4584b add(apticron): configure email 11 years ago
  Bertrand Cachet df802919f7 add(fail2ban): Add server IP address to ignore IP 11 years ago
  Alex Payne a9cabad947 Update etc_ferm_ferm.conf 11 years ago
  Allen Riddell 580e3ef5c1 Don't open unused ports 11 years ago
  Greg Karékinian 58dddc55d1 Remove variables from roles 11 years ago
  Luke Cyca c697e135e9 Move NameVirtualHost directives to ports.conf 11 years ago
  Alex Payne f27442b678 move tarsnap to its own role 11 years ago
  Luke Cyca 5beacea2d2 Absolute path for tarsnap 11 years ago